SSO Using Azure ENTERPRISE
This page explains how to configure Azure and then configure Styra.
Azure Active Directory Configuration
1. Log in to Azure.
2. Navigate to Your Registered App, located under Azure Active Directory >> App registrations >> Display Name.
3. Record the Application (client) ID.
4. Record the Directory (tenant) ID.
5. Navigate to Certificates & Secrets and create a new client secret. Record your secret value to use in your Styra SSO configuration later on.
6. Now, navigate to Redirect URIs >> Authentication and add the URI: https://<das-id>.styra.com/v1/oauth2/callback
Styra Configuration
After you configure Azure, you must configure <das-id>.styra.com.
1. Log in to <das-id>.styra.com with your username and password.
2. Go to your Workspace, click Access Control >> Single Sign-On Providers and then click OpenID Connect >> + Add OpenID Connect Provider.
3. Enter the following details in the form.
   - Provider name: The name for your identity provider setting. For example, Corporate Azure AD. This name will be visible to users on the login page.
   - Issuer URL: https://login.microsoftonline.com/YOUR_DIRECTORY_TENANT_ID/v2.0 (Replace YOUR_DIRECTORY_TENANT_ID with the tenant ID recorded in Step 4.)
   - Client ID: Copy the Application Client ID value recorded in Step 3.
   - Client Secret: Copy the Client Secret value recorded in Step 5.
   - Allowed Domains: Type the allowed authentication domain(s) of your users. For example, retail.acme.com. If the identity provider supports multiple domains, only users with these domains are allowed to access the service. You can find your domain in your Registered App by selecting Branding on the left side menu. On the branding page, your URL will be present in the Publisher Domain.
   - Invited users only:
     - If enabled, the authenticated user must have a pre-existing account in the service.
     - If disabled, a new user account will be created just-in-time for any authenticated user, as long as the user's domain matches one of the allowed domains (and the identity provider has assigned this user to the Styra application).
   - Enabled: Set it to TRUE.
4. If you have selected just-in-time provisioning for the users, then you can now log out from <das-id>.styra.com and sign in again through Azure. Azure is now displayed on the <das-id>.styra.com login screen above the username and password.
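The values from the two procedures above have to agree exactly, and a stray trailing slash in the Issuer URL or redirect URI is enough to break sign-in. The following pre-flight check is an added example, not code from Styra or Microsoft. The function names, the das-id `example`, the tenant ID and the discovery document are constructed; in practice the discovery document is the JSON served at the Issuer URL followed by `/.well-known/openid-configuration`, and the bare-host-name rule for Allowed Domains is an assumption based on this page's `retail.acme.com` example.

```python
import re

GUID = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")
# Assumption: Allowed Domains entries are bare host names like retail.acme.com.
DOMAIN = re.compile(r"([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}")


def issuer_url(tenant_id):
    """Issuer URL in the form this page gives for the Styra form."""
    return f"https://login.microsoftonline.com/{tenant_id}/v2.0"


def redirect_uri(das_id):
    """Redirect URI in the form this page gives for the Azure app."""
    return f"https://{das_id}.styra.com/v1/oauth2/callback"


def preflight(tenant_id, das_id, entered_issuer, registered_redirects,
              allowed_domains, discovery_doc):
    """Return a list of problems; an empty list means the values agree."""
    problems = []
    if not GUID.fullmatch(tenant_id):
        problems.append("tenant ID is not a GUID")
    expected = issuer_url(tenant_id)
    # Issuer comparison is exact: a trailing slash or a missing /v2.0 fails.
    if entered_issuer != expected:
        problems.append(f"issuer URL should be {expected}")
    if discovery_doc.get("issuer") != entered_issuer:
        problems.append("issuer URL differs from the discovery document")
    if redirect_uri(das_id) not in registered_redirects:
        problems.append(f"{redirect_uri(das_id)} is not a registered redirect URI")
    for domain in allowed_domains:
        if not DOMAIN.fullmatch(domain.lower()):
            problems.append(f"allowed domain {domain!r} is not a bare domain name")
    return problems


# Constructed sample values, not real identifiers.
TENANT = "11111111-2222-3333-4444-555555555555"
DISCOVERY = {"issuer": f"https://login.microsoftonline.com/{TENANT}/v2.0"}

if __name__ == "__main__":
    good = preflight(TENANT, "example", issuer_url(TENANT),
                     [redirect_uri("example")], ["retail.acme.com"], DISCOVERY)
    bad = preflight(TENANT, "example", issuer_url(TENANT) + "/",
                    ["https://example.styra.com/"], ["@retail.acme.com"], DISCOVERY)
    print("good:", good)
    print("bad:", *bad, sep="\n  ")
```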
Invite Users to Styra (Optional)
If you configured <das-id>.styra.com to allow only invited users to log in to the service, then you must create users on <das-id>.styra.com. You can add or invite users through the following options:
- Using the CLI.
- Using the GUI.
- Any client calling the Styra CLI API.